Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2025-04-16 | CVE-2025-3679 | Out-of-bounds Write vulnerability in Pcman FTP Server 2.0.7 | A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. | network | low | pcman | CWE-787 | critical | 9.8 |
| 2025-04-16 | CVE-2025-3676 | SQL Injection vulnerability in Xxyopen Novel-Plus 3.5.0 | A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. | network | low | xxyopen | CWE-89 | critical | 9.8 |
| 2025-04-11 | CVE-2025-3439 | Deserialization of Untrusted Data vulnerability in Wpeverest Everest Forms | The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'field_value' parameter. | network | low | wpeverest | CWE-502 | critical | 9.8 |
| 2025-04-11 | CVE-2025-2636 | | The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. | network | low | | CWE-22 | critical | 9.8 |
| 2025-04-10 | CVE-2024-58136 | | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | network | low | | | critical | 9.8 |
| 2025-04-09 | CVE-2025-3115 | Unspecified vulnerability in Tibco products | Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution. | network | low | tibco | | critical | 9.8 |
| 2025-04-09 | CVE-2025-32375 | Deserialization of Untrusted Data vulnerability in Bentoml | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. | network | low | bentoml | CWE-502 | critical | 9.8 |
| 2025-04-08 | CVE-2025-24446 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution. | network | low | adobe | | critical | 9.1 |
| 2025-04-08 | CVE-2025-24447 | Unspecified vulnerability in Adobe Coldfusion 2021/2023/2025 | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user resulting in a High impact to Confidentiality and Integrity. | network | low | adobe | | critical | 9.1 |
| 2025-04-08 | CVE-2025-30281 | | ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | network | low | | CWE-284 | critical | 9.1 |